On November 9, 2021, as part of Patch Tuesday, Microsoft released an update to address CVE-2021-41379, a “Windows Installer Elevation of Privilege Vulnerability” with a modest CVSS score (5.5), without much fanfare. The original CVE allows an attacker to delete files on a system using elevated privileges. Fast-forward to November 22, 2021: after investigating the patch, the researcher who discovered the vulnerability, Abdelhamid Naceri, found that it did not fully remediate the issue and published proof-of-concept (PoC) code on GitHub showing that exploitation is still possible on patched versions of Windows and yields SYSTEM-level privileges. The working PoC “overwrites Microsoft Edge elevation service 'DACL' and copies itself to the service location, then executes it to gain elevated privileges.” With a zero-day exploit available, attackers have been chipping away at ways to utilize the vulnerability, especially in malware. As of November 30